The breach occurred when users were trying to get into their own accounts using a mobile-phone Web browser, the company said in an e-mailed statement. It wasn’t clear if the security hole was related to the shutdown, Microsoft said.
“Microsoft takes customers’ privacy seriously, and immediately upon learning of these reports, we started an investigation,” the Redmond, Washington-based company said in the statement. “We will take appropriate action once we have completed the investigation.”
The outage occurred at about 12:30 p.m. New York time and affected Microsoft’s Windows Live ID system, preventing some customers from signing in to Hotmail free e-mail accounts and other services. More than 460 million users have online IDs that work with the system, according to Microsoft’s Web site.
Microsoft rose 55 cents to $28.35 at 4 p.m. New York time on the Nasdaq Stock Market. The shares have fallen 7 percent this year.
Unfamiliar inbox
Masato Kimura, a Hotmail user in Rockville, Maryland, said the security flaw began and ended at about the same time as the broader service failure. Kimura said he was trying to check his Hotmail messages from his LG Electronics Inc. Voyager phone when a different account popped up.
“All of a sudden, I saw an inbox that looked very unfamiliar to me,” he said. “I tried it again and got yet another inbox. I tried it several times and each time I would be getting a different inbox.”
Using a computer, Kimura wasn’t able to get to Hotmail at all. After Microsoft restored the service, Kimura was able to log in to his own account using his phone.
“It’s not a big deal if I can’t get into my own account for a few hours, the problem is if someone else can get into my account,” he said.